Wednesday, 15 September 2010

User confirmation script not working even though it should PHP MYSQL -


I still have another problem though this time with user confirmation. After registering the users, they receive an email with link mydomain.co.uk/confirm.php?username=(username)&id=(id). Everything works out there, however, the user is not being confirmed even when the id and username are correct. Here's the script:

  & lt ;? Php $ id = $ _REQUEST ['id']; $ Username = $ _REQUEST ['Username']; $ Link = mysql_connect ('localhost', 'website', 'mypasswordtroll'); If (! $ Link) {dead ('Could not connect:' Mysql_error ()); } $ Db_selected = mysql_select_db ('website', $ link); If (! $ Db_selected) {databases ('databases can be used:'. Mysql_error ()); } $ Result = mysql_query ("Select * FROM unconfirmedusers WHERE user name = '$ username' and id = $ id"); If (mysql_num_rows ($ result) == 0) {$ continue = false; } While ($ line = mysql_fetch_array ($ result)) {$ usr = $ row ['username']; $ Pass = $ row ['password']; $ Email = $ line ['email']; $ Day = $ line ['day']; $ Month = $ line ['month']; $ Years = $ line ['year']; } If ($ release == wrong) {echo '  

I can not find anything wrong with this and I have no idea Which part is wrong ... can someone enter an error that will help me on this?

$ release = false incorrect will always be correct because you have never issued $ . If no variable is set to $ var , then ($ var == incorrect) will always be correct ($ var === incorrect) , second On the side, true will return if you explicitly set $ var to false .

needs to be changed ($$ === incorrect) , or you need to add $ continue = true; Before checking whether there is any results.

He said, as the FrashchiprensOFSO commented, you need to correct this code and do some research on MySQL injection. In addition, I should note that mysql functions are disliked and you should use MySQLi instead.

No comments:

Post a Comment